From 92b633a8a482c4bc1ff3b7cffdcace7836861554 Mon Sep 17 00:00:00 2001
From: Ard Biesheuvel
Date: Sun, 30 Nov 2014 13:51:03 +0100
Subject: mtd: physmap_of: fix potential NULL dereference

On device remove, when testing the cmtd field of an of_flash struct to decide whether it is a concatenated device or not, we get a false positive on cmtd == NULL, and dereference it subsequently. This may occur if of_flash_remove() is called from the cleanup path of of_flash_probe(). Instead, test for NULL first, and only then perform the test for a concatenated device.

Signed-off-by: Ard Biesheuvel
Signed-off-by: Brian Norris
---
 drivers/mtd/maps/physmap_of.c | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/drivers/mtd/maps/physmap_of.c b/drivers/mtd/maps/physmap_of.c
index c1d21cb501ca..e48930424091 100644
--- a/drivers/mtd/maps/physmap_of.c
+++ b/drivers/mtd/maps/physmap_of.c
@@ -47,14 +47,12 @@ static int of_flash_remove(struct platform_device *dev)
 return 0;
 dev_set_drvdata(&dev->dev, NULL);
- if (info->cmtd != info->list[0].mtd) {
+ if (info->cmtd) {
 mtd_device_unregister(info->cmtd);
- mtd_concat_destroy(info->cmtd);
+ if (info->cmtd != info->list[0].mtd)
+ mtd_concat_destroy(info->cmtd);
 }
- if (info->cmtd)
- mtd_device_unregister(info->cmtd);
-
 for (i = 0; i < info->list_size; i++) {
 if (info->list[i].mtd)
 map_destroy(info->list[i].mtd);
-- 
cgit v1.2.3
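Review bot: The return value of `mtd_device_unregister(info->cmtd)` is still discarded inside the new `if (info->cmtd)` block, so `mtd_concat_destroy()` and the `map_destroy()` loop run even when unregistration fails. If that call can fail while the device is still in use (it returns int; the busy case is worth confirming), the teardown frees objects that remain registered, which is a use-after-free risk. Consider `err = mtd_device_unregister(info->cmtd); if (err) return err;` before any destroy call; the `dev_set_drvdata(&dev->dev, NULL)` on the line above would then need to move after the check so a failed remove leaves the driver data intact. A short comment on the new test, such as `/* cmtd is NULL when called from of_flash_probe()'s error path */`, would also record why the check exists. of_flash_remove() starts and ends outside this hunk.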